That doesn’t actually solve the issue, although it does help you a bit; I’ll try and explain as simply as I can.
What this doesn’t prevent is someone outside of your network passing a DNS request to your router, which then in turn, instead of dropping the packet, forwards it on. Now if you want to be nasty you also push a malformed DNS packet which causes an “amplification” (a DNS request message of some 60 bytes can be configured to elicit a response message of over 4000 bytes to the target server). Now this doesn’t affect you or your router, but what it does once it hits the target DNS server (say Cool Ideas) is overload it, which is especially effective if you get 100s or even 1000s of people doing this at the same time.
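An added example, not part of the comment above and not any vendor's tooling: a defender-side check over constructed router flow records that flags DNS queries the router answered for outside clients, with the reply-to-query size ratio each one obtained. The record layout, the LAN range and the ratio threshold are assumptions.

```python
import ipaddress
from collections import defaultdict

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed home LAN range

# Constructed sample records (not real traffic):
# (ingress interface, source IP as seen on the wire, query bytes, reply bytes)
SAMPLE_FLOWS = [
    ("lan", "192.168.1.20", 62, 118),
    ("wan", "203.0.113.7", 60, 4021),
    ("wan", "203.0.113.7", 60, 4019),
    ("wan", "198.51.100.9", 64, 0),    # router dropped it: no reply sent
    ("lan", "192.168.1.31", 71, 240),
]


def audit_dns_flows(flows, lan=LAN, ratio_threshold=10.0):
    """Report outside clients whose DNS queries the router answered."""
    totals = defaultdict(lambda: {"answered": 0, "query": 0, "reply": 0})
    for iface, src, query_len, reply_len in flows:
        from_outside = iface == "wan" or ipaddress.ip_address(src) not in lan
        if not from_outside or reply_len == 0:
            continue  # inside client, or the query was correctly dropped
        t = totals[src]
        t["answered"] += 1
        t["query"] += query_len
        t["reply"] += reply_len

    report = {}
    for src, t in totals.items():
        ratio = t["reply"] / t["query"]  # bytes sent out per byte received
        report[src] = {
            "answered": t["answered"],
            "amplification": round(ratio, 1),
            "amplifying": ratio >= ratio_threshold,
        }
    return report


if __name__ == "__main__":
    for src, row in audit_dns_flows(SAMPLE_FLOWS).items():
        print(src, row)
```

Any entry in the report means the router is answering DNS for hosts outside the LAN, which is the behaviour that dropping WAN-side port 53 traffic removes.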
So true! I’m going to be pursuing a few follow-ups on this. ISPs are going to have to be better about not only updating their clients’ routers, but filtering out attack traffic from their subscribers that might be targeting another network.
Hey! So’s your face! Or something…
In seriousness, I pity my poor editors sometimes. I file these 1000+ word epics and they don’t always have any more time to edit them than the 300-word articles that have become the staple of online journalism.
Cut them some slack.
Yeah, this is an issue for me as well.
With Vox I was able to request access to my router, so long as I signed a document which said that I take responsibility for anything I might break. They warn that if they have to send out a technician to fix something that I broke, they would bill me for it… Which is fair.
It’s really not that hard, but you need to know what you are doing. I personally believe many of the ISPs have the required people or equipment in place to mitigate these attacks.
Dude, everyone and their aunty is constantly munching on bacon here. I went for an interview the other day and I swear everyone was noshing bacon butties!